'Detect if Rails is Running a Site
I am part of a team that manages a public facing cloud platform at my company. We have a large user base running VM's that face the internet. I would like to run an automated scan of our address space and see if anyone is running a Rails app so I can notify them to upgrade their version of Rails to avoid a critical security vulnerability that came out this week.
I've noticed that in some Apache deployments, there is a Passenger Header that is useful:
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.0.3
However, this is not reliable. I'm wondering if there is a reliable way to detect Rails running behind a web server either with response headers or some kind of a GET / POST that can be definitive. Thanks!
Solution 1:[1]
Most rails apps have a submit button where the name="commit"
Solution 2:[2]
A Rails app could be running on lots of different ports, depending on the configuration allowed. That, plus the fact that the app might not respond in a way you can recognize, seems like a "sub-optimal" way to find out.
Instead, if you own the hosting, you own the drives and the systems supporting the apps. Why not run a grep across the systems, looking for strings matching Rails.
Or search for some of the standard Rails files; Use find, or locate if you have it running.
Solution 3:[3]
Another default setting of Rails that is commonly left untouched is the name of the main /assets/application-<hex hash>.{css,js} files.
I don't thing that a single reliable way of detecting Rails exists, but by using a combination of the authenticity_token, the default assets names and the HTTP headers, you should be able do identify the vast majority of the Rails apps.
The Wappalyzer script uses these three criteria and considers that the co-occurrence of two indicates a Rails app.
Solution 4:[4]
Wappalyzer is a good option, and (shameless plug) have you looked at Spotkick? We're in private beta now, but it's a distributed engine for running open source apps, so you could run Wappalyzer across all of your sites to see what's probably running rails.
I do this for banklook.com - I run over about 6800 banks to dig up details about security risks.
Let me know if you want more details or information.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Joseph Bona |
| Solution 2 | the Tin Man |
| Solution 3 | the Tin Man |
| Solution 4 | Golden Flying Broom |